SIEM Integrations
SIEM Platform Integrations
Forward Keycloak security events, application logs, and Skycloak platform audit logs to your SIEM platform for centralized security monitoring, threat detection, and compliance.
Available Event Sources
Each SIEM destination forwards one event source type:
| Event Source | Description |
|---|---|
| Keycloak Events | Authentication and user events (logins, logouts, password changes, etc.) |
| Application Logs | Keycloak server logs for troubleshooting and diagnostics |
| Security Logs | WAF detections, geo-blocking events, and rate limiting violations |
| Skycloak Audit Logs | Platform audit trail — cluster, application, settings, and member management actions |
Create separate destinations for each event source you want to monitor. For complete visibility, forward both Keycloak Events (end-user authentication) and Skycloak Audit Logs (platform administration).
Available Integrations
- Splunk - Industry-leading SIEM with powerful search and visualization
- IBM QRadar - Enterprise SIEM with advanced threat intelligence
- Azure Sentinel - Cloud-native SIEM with Microsoft integration
- Datadog - Modern observability platform with security monitoring
- Sumo Logic - Cloud SIEM with machine learning analytics
Getting Started
- Review the SIEM Integration Guide for prerequisites and basic setup
- Select your SIEM platform from the list above
- Follow the platform-specific configuration guide
- Test your integration and verify events are flowing
Support
For assistance with SIEM integrations: